Network Time Security
Network Time Security ↗ (NTS) provides cryptographic security for the client-server mode of the Network Time Protocol (NTP). This allows users to obtain time in an authenticated manner.
The NTS protocol is divided into two phases:
- NTS Key Exchange: Establishes the necessary key material between the NTP client and the server, using a Transport Layer Security (TLS) handshake ↗ (the same public key infrastructure as the web). Once the keys are exchanged, the TLS channel is closed and the protocol enters the second phase.
- NTS Extension Fields for NTPv4: Authenticates NTP time synchronization packets using previously established key material. For more information, refer to RFC 8915 ↗.
NTS is gaining support in many NTP implementations, including Chrony ↗, NTPsec ↗, and ntpd-rs ↗. Read the relevant documentation for guidance on setting them up to point to our time service, time.cloudflare.com. Also see Netnod's documentation ↗ for configuring NTS clients.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark